On 11/03/2012 10:10 PM, Patrick LeBoutillier wrote:
> Hi all,

Hi Patrick,

> We have been using linux-vserver for years (we actually created the
> project before eventually passing on maintainership), but after years
> of kernel patching and unending API and syscall changes, we are looking
> to move towards a more mainstream approach, ideally fully integrated into
> the stock linux kernel.
>
> Some research has led me to LXC as perhaps a viable replacement
> solution, but before going further I would like to get a better
> grasp on some of the key aspects of the project.
>
> Here goes:
>
> - One of the things we use a lot with linux-vserver is an "enter"
>   functionality: from a shell in the host, use the "enter" command
>   to get a shell inside a container. This is a variant of the "exec"
>   feature, which allows the execution of an arbitrary command inside
>   a container from a shell on the host.
>
>   A lot of our internal processes are based on this feature. The vast
>   majority of our containers do not run SSH servers and are accessed
>   interactively (or not) from the host.
>
>   Is this functionality (or something equivalent) supported by LXC?

The feature is partially in the kernel for sure. The equivalent syscall, 'setns', is already merged upstream. I don't know how linux-vserver works, but LXC relies on the namespaces for the subsystem. The 'attach' is partially merged: we can make a process access some resources of the container, but the mount and the pid namespaces are missing right now, leading to a partial 'enter' command which does not make sense.

The patches for these are out-dated but available at git.kernel.org and in the download section of lxc.sourceforge.net.

What is missing is spare time to refresh and merge them upstream.

> - As far as networking is concerned, we simply use IP aliases (eth0:1)
>   to allocate IP addresses for the containers. This offers very basic
>   network isolation (the container is limited to using specific aliases)
>   but it suits our needs.
>
>   With LXC, is this simple technique usable or does one have to
>   necessarily set up bridges and/or tunnels?

The network isolation acts at layer 2. But hopefully there are a lot of configuration options and combinations making it possible to have a simple approach like linux-vserver without extra overhead, which is probably one of your concerns. One example is the 'macvlan' option, without loss of network offloading capabilities.

Hope that helps
  -- Daniel
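Added example, not part of the original message or of the LXC code: a minimal "enter" built on the setns syscall the reply mentions. It assumes the container's init PID is known and that only the ipc, uts and net entries under /proc/<pid>/ns can be joined, in line with the reply's statement that mount and pid are still missing; `ns_path` and `enter_namespaces` are hypothetical helper names.

```c
#define _GNU_SOURCE            /* glibc exposes setns() only with this */
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
int setns(int fd, int nstype); /* repeated in case <sched.h> was included earlier */

/* Build "/proc/<pid>/ns/<name>"; 0 on success, -1 if it does not fit. */
int ns_path(char *buf, size_t len, pid_t pid, const char *name)
{
    int n = snprintf(buf, len, "/proc/%ld/ns/%s", (long)pid, name);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Join the named namespaces of `pid`. Every descriptor is opened before the
 * first setns(), so a missing /proc entry fails before anything is switched.
 * Returns the number of namespaces joined, or -1 on error. */
int enter_namespaces(pid_t pid, const char *const *names, int count)
{
    int fds[8], i, rc = count;
    char path[64];
    if (count < 0 || count > 8) return -1;
    for (i = 0; i < count; i++) {
        if (ns_path(path, sizeof path, pid, names[i]) < 0 ||
            (fds[i] = open(path, O_RDONLY | O_CLOEXEC)) < 0) {
            while (i-- > 0) close(fds[i]);
            return -1;
        }
    }
    for (i = 0; i < count; i++) {
        if (rc >= 0 && setns(fds[i], 0) < 0) rc = -1;
        close(fds[i]);
    }
    return rc;
}

int main(int argc, char **argv)
{
    /* Assumption: ipc, uts and net only; the reply says mnt and pid are missing. */
    static const char *const names[] = { "ipc", "uts", "net" };
    if (argc < 3 || enter_namespaces((pid_t)atol(argv[1]), names, 3) < 0) {
        fprintf(stderr, "usage: %s <init-pid> <command> [args] (run as root)\n", argv[0]);
        return 1;
    }
    execvp(argv[2], &argv[2]);
    perror("execvp");
    return 127;
}
```

Run it as root, since setns needs CAP_SYS_ADMIN. Because the mount and pid namespaces are not joined, the command still sees the host's filesystem and process table, so this is not a confined shell.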